
Stealth Viruses


14 replies to this topic

#1 nickth93

nickth93

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:58 PM

Posted 11 August 2015 - 07:12 AM

Hello everyone.

I needed help with my University Research.

As you can see from the topic I am researching stealth viruses and would like an expert to guide me through, meaning with virus examples for Win32 systems.

If you guys could help me find links or virus names to search, I'd be glad!!!

 

Thank you very much!


Edited by hamluis, 11 August 2015 - 08:39 AM.
Moved from MRL to Gen Security - Hamluis.



 


#2 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:09:58 AM

Posted 11 August 2015 - 09:31 AM

Virus NAMES can be provided to you.

 

If you want the actual virus, we cannot help you with that.

 

Bleeping Computer is in the Malware Removal business and we do not encourage our members to go looking for malware. However if you are still interested the best suggestion we can make is what has been said previously by Grinler our site owner:

Warez and crack sites are a good source and should only be used from a virtual machine. That's the best information and most specific information we can provide.

 




#3 nickth93


Posted 11 August 2015 - 09:36 AM

Thank you very much for answering.

If you can give me names of known stealth viruses for Win32 that would be grand!!


Edited by nickth93, 11 August 2015 - 09:37 AM.


#4 nickth93


Posted 11 August 2015 - 12:49 PM

 

Virus NAMES can be provided to you.

 

If you want the actual virus, we cannot help you with that.

 

Bleeping Computer is in the Malware Removal business and we do not encourage our members to go looking for malware. However if you are still interested the best suggestion we can make is what has been said previously by Grinler our site owner:

Warez and crack sites are a good source and should only be used from a virtual machine. That's the best information and most specific information we can provide.

 


 

 

I know about the virtual machine thing, but I don't really want that. I just want info on stealth viruses!!!



#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:58 PM

Posted 11 August 2015 - 01:38 PM

What is your definition of a stealth virus?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 nickth93


Posted 11 August 2015 - 04:32 PM

A virus is a piece of software that attaches itself to other host-software. A stealth virus is a virus that hides itself pretty well. It can infect a file but when an antivirus software makes its usual checksums, by keeping order in files checking if some of them have changed size, for example, the stealth virus takes control of the system commands so that the files seem normal to the antivirus software.  That is how stealth works. Sometimes stealth viruses can disinfect a file and hide in the boot sector and when the checksums are finished infects the file again. If the user activates the infected file/program then the stealth virus does its payload.

 

 

What is your definition of a stealth virus?

 


Edited by nickth93, 11 August 2015 - 04:39 PM.
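
As an added illustration (not part of the original post or thread) of why the checksum check described in post #6 passes on a running system, this Python example compares a baseline against what the live system reports and against a read of the same disk from trusted offline media. All paths, file contents and function names are constructed for the example.

```python
import hashlib
from typing import NamedTuple

class Entry(NamedTuple):
    size: int
    sha256: str

def entry(data: bytes) -> Entry:
    return Entry(len(data), hashlib.sha256(data).hexdigest())

def compare(baseline: dict, view: dict) -> list:
    """Integrity check: report files whose size or hash differs from the baseline."""
    findings = []
    for path, base in sorted(baseline.items()):
        seen = view.get(path)
        if seen is None:
            findings.append((path, "missing"))
        elif seen.size != base.size:
            findings.append((path, "size changed"))
        elif seen.sha256 != base.sha256:
            findings.append((path, "content changed"))
    findings += [(p, "not in baseline") for p in sorted(view.keys() - baseline.keys())]
    return findings

def cross_view(live: dict, offline: dict) -> list:
    """Paths where the running system's answer disagrees with the trusted offline read."""
    return sorted(p for p in live.keys() | offline.keys() if live.get(p) != offline.get(p))

# Constructed sample data (no real files or malware involved).
CLEAN = b"MZ" + b"\x00" * 62 + b"original program"
MODIFIED = CLEAN + b"appended foreign code"  # stands in for an infected copy

BASELINE = {"C:/app/tool.exe": entry(CLEAN), "C:/app/readme.txt": entry(b"docs")}
# What the running, possibly hooked system reports: everything looks untouched.
LIVE_VIEW = dict(BASELINE)
# What a read from trusted boot media reports: the real bytes, plus a file hidden from the live view.
OFFLINE_VIEW = {
    "C:/app/tool.exe": entry(MODIFIED),
    "C:/app/readme.txt": entry(b"docs"),
    "C:/app/helper.sys": entry(b"constructed hidden file"),
}

def demo():
    return (compare(BASELINE, LIVE_VIEW), compare(BASELINE, OFFLINE_VIEW),
            cross_view(LIVE_VIEW, OFFLINE_VIEW))

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The baseline check finds nothing in the live view but flags the same file in the offline view, which is why integrity data gathered through a possibly compromised system needs a second, trusted view to compare against.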


#7 Didier Stevens


Posted 12 August 2015 - 01:39 PM

OK, so you are looking for file-infectors with rootkit behavior?




#8 nickth93


Posted 13 August 2015 - 04:00 PM

Names of famous Win32 stealth viruses. If you can find anything please let me know!!! Thank you very much!!!



#9 nickth93


Posted 13 August 2015 - 04:05 PM

I think Rootkits are programs which infect the dark spaces of the hard drive and memory but unlike viruses they don't have a payload. They may be there to allow another infection to pass through the system's defenses. But I don't really know. 



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:58 AM

Posted 13 August 2015 - 06:20 PM

You may want to read...Glossary of Malware Related Terms
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#11 nickth93


Posted 14 August 2015 - 07:46 AM

You may want to read...Glossary of Malware Related Terms

 

Oh thank you, really helpful. But you are missing the conversation's main goal.



#12 nickth93


Posted 14 August 2015 - 03:29 PM

Now that I look through this a bit more I see that you don't mention stealth viruses anywhere.... Do you believe that stealth is an aspect for a virus to survive?? Anyway I will write Tequila once more. Thanx anyway!!

 

 

You may want to read...Glossary of Malware Related Terms



#13 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:03:58 PM

Posted 14 August 2015 - 03:54 PM

Hi there,

I believe quietman7's link for you is quite relevant as we don't call all malware "viruses". :) Didier's description is pretty close to what you are looking for.

#14 nickth93


Posted 14 August 2015 - 04:02 PM

Nor do I call every malware a virus...Yahoo!!!! and you are right I found my virus at last so it is Xorer.F. Thank you all for your help!!!!


Edited by nickth93, 14 August 2015 - 04:07 PM.


#15 Didier Stevens


Posted 15 August 2015 - 07:06 AM

 

Virus:Win32/Xorer.F is a detection for a specific variant of the Xorer family of file infectors. It is a slow file infector, meaning that it lets a certain period of time pass between infecting files. It has worm capabilities by dropping copies of itself in writeable drives. It also has rootkit components that enable it to avoid detection in an infected system.

 

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Virus%3aWin32%2fXorer.F






